Configuring & Customizing Detectors
With Nightfall, you can create custom detectors in two ways: using regular expressions (regexes), or starting from existing Nightfall machine learning detectors.

Regular Expressions

A regex (short for regular expression) is a string of text that defines a pattern used to match, locate, and manage text. If you want to look for a common pattern, you can create your own custom regex to search for that specific pattern. If a token is matched, Nightfall will alert with a confidence level of ‘Likely’.
Regexes must match the syntax outlined at this link. You can also give your regex a test drive using sample data at this link.

Extending Upon a Nightfall Detector

You can customize any existing machine learning-based Nightfall detector by adding exclusion rules and/or context rules.

Exclusion Rules (Allow List)

Exclusion rules in Nightfall act essentially as an “allow list,” enabling you to define data that should not trigger a DLP violation. One common example applies to the Email detector: many organizations choose to ignore instances of their own email domains.
Exclusion rules can be defined via regex, or with a dictionary (list) of items to allow.

Context Rules

Context rules tell a detector to analyze the context before and after a token, looking for hot or cold words to assess the confidence level of the violation (context can uplevel or downlevel the detection confidence).
For example, a company may want to detect occurrences of their account numbers, which are 10-digit numbers. However, there are a lot of 10-digit numbers in the world, and such a broad detection rule could be very noisy. One option is to add context to the rule, such as the appearance of the strings “account” or “acct” near the token. An appearance of the token along with the context will be upweighted to a “very likely” violation, whereas the token without the context would be weighted as “possible.”
Context rules will typically be applied to custom detectors, as Nightfall’s machine learning detectors already take context into account. If you have a specific use case and want to understand the specific context analyzed by each detector, our team will be happy to speak with you.
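The following added example (not Nightfall's code or API) models the account-number scenario above: a regex detector for 10-digit tokens, an exclusion rule defined by both a dictionary and a regex, and a context rule that raises confidence when "account" or "acct" appears near the token. The 30-character window, the allow-list entries and all names are assumptions made for illustration.

```python
import re

# Illustrative model only: names, window size and structure are assumptions,
# not Nightfall's API or implementation.
ACCOUNT_RE = re.compile(r"(?<!\d)\d{10}(?!\d)")      # custom detector: exactly 10 digits
HOT_WORDS_RE = re.compile(r"\b(?:account|acct)\b", re.IGNORECASE)
CONTEXT_WINDOW = 30                         # chars inspected before/after the token (assumed)
EXCLUSION_DICT = {"0000000000"}             # constructed allow-list entry (test account)
EXCLUSION_RE = re.compile(r"^1234567890$")  # constructed allow-list regex


def is_excluded(token):
    """Exclusion rule: allow-listed tokens never produce a finding."""
    return token in EXCLUSION_DICT or bool(EXCLUSION_RE.match(token))


def scan(text):
    """Return (token, confidence) pairs for 10-digit tokens in text."""
    findings = []
    for m in ACCOUNT_RE.finditer(text):
        token = m.group()
        if is_excluded(token):
            continue
        # Context rule: look at the text just before and just after the token.
        pre = text[max(0, m.start() - CONTEXT_WINDOW):m.start()]
        post = text[m.end():m.end() + CONTEXT_WINDOW]
        if HOT_WORDS_RE.search(pre) or HOT_WORDS_RE.search(post):
            confidence = "very likely"   # hot word nearby uplevels the finding
        else:
            confidence = "possible"      # bare token with no supporting context
        findings.append((token, confidence))
    return findings


# Constructed sample input
SAMPLE = (
    "Please refund acct 4821973056 today.\n"
    "Parcel tracking number 7730021945 was scanned at the depot on Monday morning.\n"
    "Test fixture uses account 0000000000.\n"
)

if __name__ == "__main__":
    for token, confidence in scan(SAMPLE):
        print(token, confidence)
```

The window is measured in characters and crosses line breaks, so a hot word on an adjacent line can uplevel an unrelated number; window size is the main tuning knob for noise.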